From: "Z. Cliffe Schreuders" <c.schreuders@murdoch.edu.au>
To: casey@schaufler-ca.com
Cc: Jan Engelhardt <jengelh@computergmbh.de>, linux-kernel@vger.kernel.org
Subject: Re: Including STRTOK_R in a LSM
Date: Mon, 16 Jul 2007 22:43:09 +0800 [thread overview]
Message-ID: <469B83FD.8080409@murdoch.edu.au> (raw)
In-Reply-To: <214530.36096.qm@web36609.mail.mud.yahoo.com>
Casey Schaufler wrote:
> --- "Z. Cliffe Schreuders" <c.schreuders@murdoch.edu.au> wrote:
>
>
>> What I need is to ignore double delimiters such as (::). This can be
>> done trivially with a string comparison to check for "\0". What I want
>> to know is if it is ok to include the strtok_r code in my security
>> module, or if strtok was removed for a very good reason. I am porting a
>> lot of existing code which already uses strtok_r to a kernel security
>> module.
>>
>
> All over the Linux world little red flags are popping up.
>
> Text processing of the sort that requires token parsing is rare
> in the kinds of things the kernel is usually called upon to do.
> You did mention, and someone else demonstrated, that there are
> existing alternatives that you could adopt. Cluttering the kernel
> with duplicate functionality is strongly discouraged.
>
Thanks Casey,
I plan to pass simple lines of policy from user-space into kernel
functions which use this information to build the internal
representation of policy.
I had started writing these functions in user-space (to save time :\)
and stupidly did not check that strtok_r was available from within the
kernel (I thought string.h would include it). Anyway, so now I have a
rewrite on my hands (unless I just include the strtok_r code). All part
of the learning process I guess.
> As far as porting existing code into the kernel goes, be sure to
> have a look at the official coding style before you show what you've
> done to anyone.
Will do.
> If you're porting "a lot" of code (Use SELinux as a
> benchmark for an LSM. If you're bigger than that you have "a lot"
> of code) you may also be putting too much into the kernel.
It is not a lot in comparison to SELinux.
Thanks,
Cliffe.
next prev parent reply other threads:[~2007-07-16 14:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-16 8:52 Including STRTOK_R in a LSM Z. Cliffe Schreuders
2007-07-16 10:16 ` Jan Engelhardt
2007-07-16 12:19 ` Z. Cliffe Schreuders
2007-07-16 13:34 ` Casey Schaufler
2007-07-16 14:43 ` Z. Cliffe Schreuders [this message]
2009-03-16 14:03 ` Getting the port numbers and IP address from struct socket Cliffe
2009-03-16 13:58 ` Matthias Kaehlcke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=469B83FD.8080409@murdoch.edu.au \
--to=c.schreuders@murdoch.edu.au \
--cc=casey@schaufler-ca.com \
--cc=jengelh@computergmbh.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.